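/// <summary>
/// Answers an authentication challenge by starting a SAML2 sign-in: builds an AuthnRequest,
/// stores its id in a response cookie named after the scheme and the protected relay state,
/// and redirects the browser to the address returned by the SAML2 service.
/// </summary>
/// <param name="properties">
/// Authentication properties for this challenge. <c>RedirectUri</c> is set to the current
/// request URI when it is empty, and the object is protected and used as the relay state.
/// </param>
/// <returns>A task that completes once the redirect has been set on the response.</returns>
protected override async Task HandleChallengeAsync(AuthenticationProperties properties)
{
    // Load the configuration on first use; the fetch is tied to the request's abort token.
    if (Options.Configuration == null)
    {
        Options.Configuration = await Options.ConfigurationManager.GetConfigurationAsync(Context.RequestAborted);
    }

    // With no explicit return location, come back to the URI that triggered the challenge.
    if (string.IsNullOrEmpty(properties.RedirectUri))
    {
        properties.RedirectUri = CurrentUri;
    }

    // The assertion consumer service (ACS) URL is always the current request's URI with
    // Options.CallbackPath resolved against it; no per-environment override is applied here.
    // NOTE(review): CurrentUri appears to be built from the incoming request, so the ACS URL
    // follows whatever scheme and host the request carried. Confirm that host filtering and
    // forwarded-header handling are configured for the deployment, and that the IdP only
    // accepts ACS URLs registered for this service provider.
    string assertionConsumerServiceUrl = new Uri(new Uri(CurrentUri), Options.CallbackPath).AbsoluteUri;

    // Prefix the GUID with letters: a SAML ID is an xs:ID, which must not begin with a digit.
    string authnRequestId = "id" + Guid.NewGuid().ToString("N");

    // The correlation id has to be in place before the properties are protected,
    // because the protected blob is what travels as RelayState.
    GenerateCorrelationId(properties);
    string relayState = Options.StateDataFormat.Protect(properties);

    // Remove request-id cookies left over from earlier challenges.
    CookieOptions deleteCookieOptions = Options.RequestCookieId.Build(Context, Clock.UtcNow);
    Response.DeleteAllRequestIdCookies(Context.Request, deleteCookieOptions);

    // NOTE(review): Options looks like the per-scheme options object, which would be shared
    // by concurrent requests - confirm. Reading the name back from Options.RequestCookieId
    // after assigning it lets another request's assignment land in between, so this request's
    // cookie is appended under a local copy of the name. The assignment itself is kept because
    // code outside this method may read it; any such reader has the same exposure.
    // The name embeds the whole protected state, so it can be long; browsers cap a cookie's
    // name plus value at roughly 4 KB.
    string requestCookieName = Options.AuthenticationScheme + relayState;
    Options.RequestCookieId.Name = requestCookieName;

    // The cookie value is the AuthnRequest id, presumably compared with the response's
    // InResponseTo when the assertion comes back - verify in the callback handler.
    Response.Cookies.Append(requestCookieName, authnRequestId, Options.RequestCookieId.Build(Context));

    // Build the AuthnRequest and send the browser to the identity provider.
    string authnRequest = _saml2Service.CreateAuthnRequest(Options, authnRequestId, relayState, assertionConsumerServiceUrl);
    Response.Redirect(authnRequest);
}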